Authentication system

ABSTRACT

The authentication system is hard against fraudulent acts even if the authenticator or the system of retail store is forged, resulting in the system with a high security. The system includes: an authenticator having an authentication processor to authenticate whether the user is registered previously, and a data output part to send an identification data of the user when the user is authenticated to be registered previously; and a server having a data input part to input data of the user, a credit appraiser to appraise the user according to the identification data, and an appraisal result output part to output the credit appraisal result.

TECHNICAL FIELD

The present invention relates to an authenticator to authenticate anindividual using image data and an authentication system using theauthenticator.

BACKGROUND ART

Recently, an authenticator using specific biological data of anindividual (so called biometrics data) as an authentication data isrealized for principal authentication, and an authentication systememploying such authenticator capable of data communication for productspurchasing through the network is also marketed.

For example, Japanese Patent Laid-Open Application No. 2003-6549discloses a technology of transaction system capable of productspurchasing composed of an authenticator adopting fingerprints as anauthentication data and a register, deployed in a retail store, capableof communicating with the authenticator.

When a user wants to purchase products in the retail store using thetechnology, firstly the user performs an authentication job using theauthenticator installed in his/her cell-phone to send a principalidentification data to the register deployed in the retail store fromhis/her cell-phone. Then, register in the retail store sendsidentification data of the user to a server of a financial institutionwhere the user has an account and sends an inquiry whether or not theuser can pay for the products. When the server appraises his/her creditsuccessfully (hereafter referred to credit appraisal), the transactionwill be approved and the products expense is deducted from his/heraccount in the financial institution on each occasion or on a contractedsettlement date.

However, various risks of fraudulent acts are possible on the side ofretail store or authenticator in the above technology on transactionsystem. For example, in the conventional technology the authenticatorsends an identification data of the user to the register. The registersends identification data of the user and the inquiry on his/her creditappraisal to the server of financial institution. When the serverappraises the credit successfully, the products expense is transferredfrom his/her account in the financial institution to the account ofretail store. Therefore, the problem is that storing the identificationdata of a certain user in the register of retail store previously,someone impersonating the user can send an inquiry of the identificationdata and credit appraisal from the register to the server pretending asif the user himself/herself purchases products, and that after it wouldbe appraised successfully a value of products that is not reallypurchased is transferred into someone's account.

SUMMARY OF THE INVENTION

Considering the aforementioned problems, the present invention aims atproviding an authentication system with a high security so that nobodycan do fraudulent acts for the system easily.

To solve the problem, it is an aspect of the present invention that theauthentication system includes:

an authenticator having: an authentication processor to authenticatewhether or not an authenticatee is a user previously registered; and adata output part to output the identification data when theauthenticatee is authenticated as a user previously registered; and

a server having: a credit appraiser to appraise credit of authenticateeaccording to the identification data output from the data output part;and an appraisal result output part to output a result in creditappraiser.

The configuration can block fraudulent acts from the retail store sideas identification data of an authenticatee is sent from an authenticatorto a server for credit appraising only after authenticatee has beenaccepted, and therefore it is difficult for someone impersonating theuser to steal the identification data of the authenticatee or to ask theidentification data and credit appraisal even if using tampered devicessuch as for instance the register in retail store or POS system(hereafter referred to terminal), thereby resulting in an authenticationsystem with a high security.

Additionally, the authenticator may have an image reader to input animage data, and the authentication processor may have a configuration toauthenticate the authenticatee according to the image data input fromthe image reader.

The configuration can adopt various kinds of biometrics data of anauthenticatee such as for instance fingerprints, iris, facial features,retina or the like resulting in a higher authentication rate.

Moreover, when an eye-image of an authenticatee is used as input imagedata, the authentication processor may include: an authentication dataproducer to produce an authentication data according to an iris patternof the eye image of authenticatee; a storage to store a loginauthentication data; and a collator to collate the login authenticationdata with the authentication data produced according to the eye image.

The configuration can achieve a more accurate principal authenticationwith a lower false rejection rate and a false acceptance rate.

Next, it is also an aspect of the present invention that theauthentication system is provided with a terminal having an appraisalresult input part to input an appraisal result output from the server.

The configuration can block fraudulent acts from the retail store sideas identification data of an authenticatee is sent from an authenticatorto a server for credit appraising and sending the results to theterminal, only after authenticatee has been accepted, and therefore itis difficult for someone impersonating the user to steal theidentification data of authenticatee or to ask the identification dataand credit appraisal even if using tampered devices such as for instancethe register in retail store, thereby enabling to provide anauthentication system with a high security.

Additionally, the authenticator may have a data input part to input adata including a data on a product to be transacted, and the terminalmay have a data output part to output a data including a data on theproduct to be transacted to the data input part of the authenticator.

The configuration can send information whether or not products can bepurchased or information on products for transaction from the terminalto the authenticator, thus enabling for an authenticatee to know his/hercredit appraisal results or information on products for transaction.

Next, it is still an aspect of the present invention that theauthentication system has:

a server having: a storage to store a login authentication data of auser to be registered and an authentication processor to execute apredetermined authentication process; and a data output part to outputthe login authentication data and the authentication processor; and

an authenticator having: an authentication data input part to input anauthentication data of an authenticatee; a data input part to input thelogin authentication data and the authentication processor; and aprocessor to perform a predetermined processing using the authenticationdata,

wherein the authenticator reads the authentication processor input fromthe server into the processor to collate the authentication data of theauthenticatee with the login authentication data of the authenticateeusing the authentication processor read into the processor.

The configuration can provide the authentication system with a highsecurity as the authenticator starts authentication process afterreceiving the login authentication data and the authentication processorthat have not been installed on the authenticator previously, andtherefore it is difficult for someone to impersonate the authenticateeby tampering the login authentication data of the authenticatee.Additionally, the configuration can perform all the time the newestauthentication processing by an updated version, if the authenticationprocessor is a kind of software, as the authentication processor is sentto the authenticator from the server.

The authentication system may have a register having a loginauthentication data input part to input a login authentication data ofthe user to be registered and a login authentication data output part tooutput the login authentication data, wherein the server having a datainput part to input the login authentication data and the authenticationprocessor, the register outputs the login authentication data input intothe login authentication input part from the data output part to thedata input part of the server, and the server stores the loginauthentication data input into the data input part in the storage.

The configuration can provide the authentication system with a highersecurity because at the start of the authentication system, theauthenticatee sends his/her authentication data input from the registerto the server as his/her login authentication data, the authenticatorperforms the authentication processing with reference to the loginauthentication data sent from the server, therefore a more reliablelogin authentication data can be obtained if the register is deployed ona location with a high security for instance a financial institution orcarrier company.

Moreover, the authentication system may have a configuration that theserver has an encrypter to encrypt the authentication processor and thelogin authentication data by a predetermined encrypting method; stores adecrypter to decrypt encrypted the authentication processor and thelogin authentication data in the storage; and outputs the decrypter andthe encrypted authentication processor and login authentication data;and

the authenticator decrypts the authentication processor and the loginauthentication data input into the data input part by the decrypter.

The configuration can provide the authentication system with a highersecurity because the authenticator communicates with the server usingencrypted data stored in storage of the server, encrypted data thatcannot be decrypted easily if stolen in communication pathways.

Next, it is still an aspect of the invention that the authenticationsystem has:

a register having a login authentication data input part to input alogin authentication data of an authenticatee and a login authenticationdata output part to output the login authentication data;

an authenticator having an authentication data input part, data I/O partto input/output a certain data, and a processor to perform apredetermined processing using the authentication data;

a server having a data input part to input an identification data of theauthenticatee from the authenticator and to input the loginauthentication data from the register, a storage to store the loginauthentication data and an authentication processor to perform apredetermined authentication processing, a credit appraiser to appraisecredit of the authenticatee using the identification data; and

a terminal having an appraisal result input part to input the appraisalresults output from the server, wherein the authenticator reads theauthentication processor input from the server into the processor tocollate the authentication data of the authenticatee with the loginauthentication data by the authentication processor, then outputs theidentification data of the authenticatee to the server when theauthenticatee is authenticated as a user registered previously;

the server appraises credit of the authenticatee in the credit appraiserto output a result of the appraisal to the terminal.

The configuration can provide an authentication system with a highsecurity because an identification data of an authenticatee is sent froman authenticator to a server for credit appraising only afterauthenticatee has been accepted, and therefore it is difficult forsomeone impersonating the user to steal the identification data ofauthenticatee or to ask the identification data and credit appraisaleven if using tampered devices such as for instance the register inretail store or POS terminal. Additionally, The configuration canprovide the authentication system with a higher security because atstart of the authentication system, the authenticatee sends his/herauthentication data input from the register to the server as his/herlogin authentication data, the authenticator performs the authenticationprocessing referring the login authentication data sent from the server,therefore a more reliable login authentication data can be obtained ifthe register is deployed on a highly secure location for instance afinancial institution or a carrier company.

It is an aspect of the present invention that the authenticator has:

an image reader to input an image; an authentication data producer toproduce an authentication data out of the image; a collator to collatethe authentication data with another authentication data; a data inputpart to input a data including a login authentication data; and

a processor to perform a predetermined processing using the data inputfrom the data input part and the image,

wherein the processor reads the authentication data producer and thecollator from the data input part for the authentication data producerto produce the authentication data correspondent to the image, and thecollator checks to compare the login authentication data with theauthentication data correspondent to the image.

The configuration can realize an authentication system with a highsecurity because the authenticator does not have any confidential datasuch as the login authentication data, authentication data producer orcollator initially but starts authentication processing after the loginauthentication data and authentication processor are received, it isdifficult for the authenticatee to impersonate an operator of theauthenticator by tampering the login authentication data, with littlerisks of data leakage even if the authenticator is broken or stolen.Additionally, the configuration can perform all the time the newestauthentication processing by an updated version, if the authenticationprocessor is a kind of software, as the authentication processor is sentto the authenticator from the server.

The authentication system may have a configuration that with the loginauthentication data is encrypted; the data input part inputs a decrypterto decrypt the login authentication data; and the collator checks tocompare the login authentication data decrypted by the decrypter withthe authentication data correspondent to the image.

The configuration can provide the authentication system with a highersecurity because the authenticator communicates with other devices usingencrypted data that cannot be decrypted easily if stolen incommunication pathways.

The authentication system may have a configuration that with the imageis an eye-image of the authenticatee, and the authentication dataproducer produces the authentication data according to an iris patternof the eye-image of the authenticatee.

The configuration can achieve a more reliable principal authenticationwith a lower false rejection rate and false acceptance rate.

Additionally, the server of the present invention has:

a data input part to input data including an authentication data; anencrypter to encrypt the authentication data for a login authenticationdata; a storage to store the login authentication data; and a dataoutput part to output data stored in the storage.

The configuration can provide the authentication system with a highsecurity because the server communicates with other devices usingencrypted data stored in a storage of the server.

Additionally, the storage of the server may store:

an authentication data producer to produce an authentication data usingan image, a collator to collate the authentication data with anotherauthentication data, and a decrypter to decrypt the login authenticationdata.

The configuration can perform an authentication processing in otherinformation equipment that has no authentication processor by sendingthe authentication data producer, collator and decrypter stored in thestorage.

It is also an aspect of the present invention that the register has: animage reader to input an image of a user to be registered; anauthentication data producer to produce a certain authentication datausing the image; an individual data input part to input an individualdata of the user to be registered; and a data output part to output theauthentication data and the individual data.

The configuration can provide the authentication system with a highlevel security because the register can output the authentication dataand individual data obtained from the authenticatee, and that a morecredible login authentication data can be obtained from the registerdeployed in a secure location such as for instance a financial instituteor a carrier company.

The register of the present invention may have a configuration that withthe image is an eye-image of the user to be registered, and theauthentication data producer produces the authentication data accordingto an iris pattern of the eye-image of the user to be registered.

The configuration can register an authentication data capable ofachieving a more accurate principal authentication with a lower falserejection rate and false acceptance rate as a login authentication data.

It is also an aspect of the present invention that the terminal has: anappraisal result input part to input a credit appraisal of a user topurchase a product; and a data output part to output a data including adata showing whether or not the product is accepted to be purchasedbased on a result of the credit appraisal.

The configuration can provide the authentication system with a highsecurity and a less onerous usability because the terminal outputswhether or not a purchaser can purchase products or sends information onthe price of products to the purchaser after receiving the results ofcredit appraisal from other devices such as a server or the like.

The terminal of the authentication system have a configuration that thedata output part outputs the data including the data showing whether ornot the product is accepted to be purchased using an infrared ray.

The configuration can contribute to the operating cost reduction of theauthentication system because the register can send data for instance tothe authenticator double as a telephone from a register instead of usingtelephone lines.

As mentioned above, the authentication system with authenticator, serveror the like of the present invention can provide a configuration with ahigh security because no one can do fraudulent acts on theauthentication system even if the authenticator or the system of retailstore is tampered.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows schematically a block diagram of an authentication systemused in the preferred embodiment of the present invention.

FIG. 2 shows a block diagram of an example of authenticatorconfiguration used in the preferred embodiment of the present invention.

FIG. 3 shows an external view of an authenticator used in the preferredembodiment of the present invention.

FIG. 4 shows a block diagram of an example of server configuration usedin the preferred embodiment of the present invention.

FIG. 5 shows a login authentication data table of the server used in thepreferred embodiment of the present invention.

FIG. 6 shows a block diagram of an example of register configurationused in the preferred embodiment of the present invention.

FIG. 7 shows a block diagram of an example of terminal configurationused in the preferred embodiment of the present invention.

FIG. 8 shows schematically an asking operation for the authenticationsystem used in the preferred embodiment of the present invention.

FIG. 9 shows schematically a transaction operation of products for theauthentication system used in the preferred embodiment of the presentinvention.

FIG. 10 shows an example of application window used in the preferredembodiment of the present invention.

FIG. 11 shows examples of authentication start window and authenticationfinish window of the authentication process used in the preferredembodiment of the present invention.

FIG. 12 shows an example of permission window used in the preferredembodiment of the present invention.

FIG. 13 shows an example of products list window used in the preferredembodiment of the present invention.

FIG. 14 shows examples of transaction confirmation window andtransaction finish window used in the preferred embodiment of thepresent invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT

Now, an authenticator, server and an authentication system used in thepreferred embodiment of the present invention are described withreference to drawings. Firstly, the authentication system configurationis described with reference to FIG. 1. FIG. 1 is a block diagram showingschematically authentication system 1 used in the preferred embodiment.

As shown in FIG. 1, authentication system 1 is a system that user 2 cantransact to purchase products and the like sold in retail store 7 usingauthenticator 3 with telephone functions. Authenticator 3 exchanges datawith terminal 8 in retail store 7 via server 6 provided in carriercompany 5 that serves phone line for authenticator 3. Carrier Company 5pays the expense of products or the like to retail store 7, or makessettlement the credit of user 2. Subsequently, the expense is withdrawnfrom an account of user 2 opened at financial institution 80 for apayment of call fees for carrier company 5. Authenticator 3 exchangessignals with server 6 through network 4.

To start operations of authentication system 1, firstly user 2 must goto carrier company 5 or its branch office 10 beforehand to proceed aregistration as described later at resister 9 deployed there.

Next, respective devices included in authentication system 1 aredescribed in detail.

FIG. 2 is a block diagram showing an example configuration forauthenticator 3 used in the preferred embodiment. As shown in FIG. 2,authenticator 3 comprises:

image reader 33 to input images containing eye (hereafter referred toeye-image) of user 2; input/output (I/O) part 36 to communicate datawith server 6 via Network or the like; storage 35 to store data inputinto I/O part 36; processor 34 to perform a predetermined processingdescribed later for an authentication using data input from image reader33, data stored in storage 35 and data input from I/O part 36; anddisplay 37 to show results processed in processor 34 or the like.

The external view of authenticator 3 is similar to the shape ofcell-phone as an example shown in FIG. 3, and authenticator 3 may havefunctions provided in typical cell-phones such as telephone call,e-mailing or taking images although not shown here.

As shown in FIG. 3, image reader 33 of authenticator 3 takes an imageusing light radiated from light source 38 discharging near infraredlight (a light lying in the wavelength interval from around 700 to 1000nm) and reflected from an eye area of user 2 through optical system 31.User 2 can guide his/her eye into the field angle of optical system 31by using reflection of his/her own eye-image from mirror 39. Imagereader 33 of authenticator 3 should at least have optical system 31, andtherefore mirror 39 can be eliminated when a display device such as LCDor an audio device such as speaker guide eye positioning of user 2.Image reader 33 does not necessarily require light source 38 when usedunder enough brightness such as outdoor use or when used with anexternal light source. However, light source 38 and mirror 39 shouldpreferably be provided practically.

Display 37 can adopt any display device such as LCD widely used incell-phones or the like or EL (Electro-luminescence) panel asappropriate.

Needless to say, authenticator 3 is not limited to a model havingtelephone function only although the example with the function isdescribed in the preferred embodiment. It is also needless to say thatany information device such as compact personal computer, personaldigital assistant (PDA) and digital camera or the like can be used asauthenticator 3 if only they are provided with image reader 33.

As described above, authenticator 3 can take a photo of eye-image at anytime by image reader 33. Moreover, authenticator 3 can carry out anauthentication processing by executing a predetermined softwareinstalled in processor 34 as described later.

Next, a configuration of authenticator 3 of authentication system 1 in ausable condition is described. Here, “authentication system 1 in ausable condition” means a condition when authenticator 3 has receivedclipper 40 as described later, encoder 41, appraiser 42 (hereafterclipper 40, encoder 41 and appraiser 42 are all together referred toauthentication processor 60), decrypter 43 and login authentication data50 from server 6 through I/O part 36.

As shown in FIG. 2, in a usable condition of authentication system 1authenticator 3 comprises followings in processor 34:

clipper 40 to clip an image data input from image reader 33 out into animage with a predetermined size; encoder 41 to encode an image clip outfrom clipper 40 using a predetermined method; decrypter 43 to decryptlogin authentication data 50 stored in storage 35; and appraiser 42 toappraise whether the authentication data encoded by encoder 41 agreewith login authentication data 50 decrypted by decrypter 43.

All of clipper 40, encoder 41, appraiser 42 and decrypter 43 included inauthenticator 3 are softwares respectively. The softwares are sent fromserver 6, then read into processor 34 from I/O part 36 or storage 35 ofauthenticator 3, and are executed respective software functions byprocessor 34.

Additionally, methods for instance disclosed in Japanese PatentPublication No. 3307936 can be used for authentication processing methodof authentication processor 60 such as clipping method of images inclipper 40, encoding method of images in encoder 41, checking methodbetween both authentication data in appraiser 42.

Additionally, login authentication data 50 shall mean an encoded irispattern of user 2 to be checked for authentication.

Login authentication data 50 stored in storage 35 shall be encrypted inserver 6 by a predetermined method, and decrypter 43 has a function todecrypt the encrypted login authentication data 50.

Encryption method of the authentication data can be for instancerearranging bits consisting of the authentication data in a fixed order.Needless to say, the present invention does not limit the encryption andcorresponding decryption method to a specific one but accepts to useother well-known encryption and decryption methods as appropriate.

By reading the login authentication data 50 decrypted in aforesaidauthentication processor 60 and decrypter 43 into processor 34 forexecution, authenticator 3 can perform a principal authentication ofuser 2 by collating authentication data of the coded iris pattern ofeye-image of user 2 with decrypted login authentication data 50.

Next, the configuration of server 6 used in the preferred embodiment isdescribed. FIG. 4 is a block diagram showing an example configuration ofserver 6. Server 6 is described as deployed in carrier company 5 towhich user 2 subscribes. The present invention does not limit a locationfor server 6 to be deployed but needless to say, the server can bedeployed in credit companies, financial institutions or the like.

In FIG. 4, server 6 comprises: input/output (I/O) part 66 to exchangesignals with authenticator 3, register 9 and terminal 8; encrypter 64 toencrypt authentication data input from I/O part 66 by aforesaid methodto produce login authentication data 50; login authentication data table70 as described later to include login authentication data 50 of allusers using authentication system 1; database 62 to store authenticationprocessor 60 consisting of aforesaid clipper 40, encoder 41, appraiser42 and decrypter 43; and controller 61 to control reading/writing datato database 62 according to data input from I/O part 66 or to appraise acredit of user 2. Additionally, controller 61 may have function otherthan mentioned above to send an accounting information to server 51 offinancial institution 80.

Login authentication data table 70 is described here. FIG. 5 shows anexample of login authentication data table 70. Login authentication datatable 70 includes following data for every user using authenticationsystem 1: identification (ID) number; name; address; telephone number;with or without of authorization to use the authentication system;expiration date to use the authentication system; and loginauthentication data or credit information (possible or not to pay apredetermined amount of money) or the like. When a person, therefore,inputs information that he/she wants to purchase products fromauthenticator 3, server 6 can check his/her credit as well as identifythe person.

The configuration of server 6 can store login authentication data 50 onall users who can use authentication system 1, and can send data ofauthentication processor 60 stored in database 62 to authenticator 3through I/O part 66.

Database 62 of server 6 stores authentication data encrypted by theaforesaid method as login authentication data 50. Therefore, if someonecopies or steals login authentication data 50 stored in database 62 touse it fraudulently, it cannot be used directly. Consequently risks ofincorrect action such as impersonation or the like can be drasticallyreduced resulting in server 6 with a high security.

The encryption method described for aforesaid login authentication data50 can also be applied for encrypter 64 in server 6.

Next, the configuration of register 9 is described. FIG. 6 is a blockdiagram showing an example of register configuration. As mentionedabove, register 9 is described with the thought of deployed in branchoffice 10 of carrier company 5. The present invention does not limit alocation for register 9 to deploy but the register can be deployed inany location where tampering actions such as breakage or data stealingare difficult to occur.

Register 9 has: input/output (I/O) part 96 to exchange data with server6; image reader 93 having functions similar to image reader 33 ofaforesaid authenticator 3; authentication data producer 91 havingfunctions similar to clipper 40 and encoder 41 in authenticationprocessor 60 of aforesaid authenticator 3; data input part 97 to inputoperational information to start authentication system 1, individualinformation such as ID of user 2, name, facial photo, signature or thelike; and controller 94 to send authentication data output fromauthentication data producer 91 according to input data from data inputpart 97 or individual data or the like. Additionally, register 9 maycomprise display 95 showing an application window as described later toprompt for user 2 to input his/her individual data.

An example in which authentication data is sent from register 9 toserver 6 directly is described in this embodyment. The configuration candecrease a data size of communication between carrier company 5 andbranch office 10. The data size of aforesaid authentication data, forinstance, can be reduced to only 512 bytes. The configuration is adoptedas an exclusive line or communications line with high security isgenerally provided between carrier company 5 and branch office 10.However, in case of common communications line like the Internet isused, it is needless to say that data exchange between server 6 andregister 9 should preferably be carried out using cryptography agreedbetween the two beforehand. Facial image taken by user 2 himself/herselfin a credible branch office 10 added to his/her signature andauthentication data can be sent to server 6 for registration as facialphoto or signature is included in the individual data input by datainput part 97 of register 9. This can reduce the occurrence of problemsdrastically due to incorrect actions such as impersonation or the likeresulting in the authentication system with a high reliability.

Next, the configuration of terminal 8 is described with respect to FIG.7. As mentioned before, terminal 8 is described as deployed in retailstore 7 selling products which user 2 wants to purchase.

Terminal 8 has: input/output (I/O) part 86 to exchange data with server6; data input part 87 to input data on price, code number or the like ofproducts which user 2 wants to purchase; display 83 to showpredetermined information; controller 84 to output data input in datainput part 87 from I/O part 86, or to show data input from I/O part 86on display 83; and data output part 88 to output data of possible or notto purchase products to authenticator 3.

Data output part 88 can for instance send data to authenticator 3through a phone line, but taking into consideration the cost required,should preferably have a configuration capable of sending data directlysuch as infrared data communication system according to Infrared DataAssociation (IrDA) standard or the like installed on comparatively manyof modern information equipment such as cell-phone, PDA, PC or the like.

Additionally, terminal 8 may have a storage, not shown, to storeidentification data such as ID number or the like previously allocatedto retail store 7 deployed with terminal 8 in authentication system 1.

Next, an example operation of authentication system 1 of the presentinvention is described in detail with reference to FIG. 8 or FIG.9.

As aforementioned, to start operation of authentication system 1, user 2must go to branch office 10 of carrier company 5 beforehand to proceed aregistration at resister 9 deployed there. FIG. 8 is a schematic diagramto explain the process to apply a use of authentication system 1.

As shown in FIG. 8, user 2 goes to branch office 10, deployed withregister 9, of carrier company 5 beforehand to proceed the predeterminedregistration. Specifically, user 2 inputs his/her own individual datasuch as name, address, facial photo or signature or the like from datainput part 97 of register 9, and takes his/her eye-image by image reader93. At this time, application window 11 should preferably be shown indisplay 95 of register 9 for user 2 to input his/her individual dataeasier as shown in FIG. 10. Authentication data producer 91 of register9 produces aforementioned authentication data corresponding to user 2using eye-image input from image reader 93. Moreover, controller 94sends individual data and authentication data to server 6 of carriercompany 5 through I/O part 96 (Si).

Next, controller 61 of server 6 in carrier company 5 provides user 2with his/her ID number according to data input from I/O part 66, andencrypts input authentication data in encrypter 64, thereby creatinglogin authentication data 50. Login authentication data 50 are stored inlogin authentication data table 70 of database 62 being coordinated withID number and individual data. Then login authentication data 50,authentication processor 60 and decrypter 43 (hereafter referred to IDpublication data all together) are sent to authenticator 3 correspondingto user 2 (S2). The sending method may be either attaching the IDpublication data on a general E-mail, or sending the ID publication datadirectly to authenticator 3. Upon receiving the ID publication data,authenticator 3 becomes a usable configuration in authentication system1 as shown in FIG. 2.

Next, to start a use of authentication system 1 practically, user 2takes his/her eye-image to authenticate in authenticator 3 afterauthenticator 3 has received the ID publication data from server 6 (S3).At this time, display 37 of authenticator 3 may show authenticationstart window 12 as shown in FIG. 11A. Eye-image of user 2 input fromimage reader 33 of authenticator 3 is clipped to a predetermined size inclipper 40, subsequently encoded in encoder 41, then sent to appraiser42. Appraiser 42 checks authentication data decrypted from loginauthentication data 50, stored in storage 35, in decrypter 43 to comparewith the authentication data output from encoder 41, and sends theresults to I/O part 36.

When authenticator 3 authenticates user 2 successfully, namely whenappraiser 42 outputs successful signals in principal authentication,authenticator 3 sends the results to server 6 from I/O part 36 ofauthenticator 3. At this time, display 37 of authenticator 3 may havewindow 13 to show an authentication finish as shown in FIG. 11B.

Controller 61 in server 6 receives data sent from authenticator 3through I/O part 66. When the data signals a finish of authenticationprocessing indicating a principal authentication correctly, controller61 writes information that authentication system is in a usable state ona region corresponding to user 2 in login authentication data table 70of database 62 (S4). Server 6 informs authenticator 3 thatauthentication system 1 is in a usable state, and display 37 shows saideffects. At this time, display 37 of authenticator 3 should preferablyhave permission window 14 to show permission for authentication system 1as shown in FIG. 12 enabling user 2 to know the permission clearly.Permission window 14 shown in FIG. 12 is an example indicating data ofuser 2 such as ID number, name, overlimit, expiration date, facial photoor the like. Aforementioned flows of operation enable user 2 to useauthentication system 1 (S5).

Next, the operation of authentication system 1 for user 2 to purchaseproducts at a retail store 7 is described. FIG. 9 shows the operation ofauthentication system 1 for user 2 to purchase products schematically.

In FIG. 9, user 2 expresses his/her will to purchase a predeterminedproducts to a salesperson or the like at a retail store 7 (S11).Needless to say, user 2 can send information of will to purchasepredetermined products to retail store 7 through the network or thelike. In this case, user 2 needs not go to retail store 7 any more butcan purchase products in virtual shops in the network. Additionally,products list window 15 available in this case as shown in FIG. 13 canhelp best choice of products for user 2.

Through a manual operation by salesperson or an automatic operation,terminal 8 in retail store 7 sends data corresponding to the productssuch as price, ID number of retail store 7 or the like to authenticator3 of user 2 from data input part 87 (S12). The sending method may beeither attaching the data on a general E-mail, or sending the datadirectly to authenticator 3. Additionally, data may be sent toauthenticator 3 directly from terminal 8 by using infrared datacommunication system, or be sent through server 6 of carrier company 5or the like. Moreover, user 2 may read in correspondent barcode data ofproducts disposed on storefronts or printed in catalogs that he/shewants to purchase from image reader 33 of authenticator 3. In this case,the barcode data shall supposedly include the ID number of retail store7 or prices of the products or the like that he/she wants to purchase.In response to the data sent from terminal 8 in step S12, a massage toconfirm his/her wish to purchase the products is shown in display 37 ofauthenticator 3. Transaction confirmation window 16 shown in FIG. 14Amay be an example. Transaction confirmation window 16 has only to showdata such as names and prices of the products that he/she wants topurchase. User 2 takes his/her eye-image using authenticator 3 for theprincipal authentication (S13). The principal authentication isprocessed as described before. Upon authenticating, display 37 ofauthenticator 3 may have a configuration to show authentication startwindow 12 or authentication finish window 13.

When appraiser 42 outputs successful signals in principal authenticationof user 2, authenticator 3 sends the data correspondent to successfullyauthenticated user 2 such as individual ID number, store's ID number,prices of bought products or the like (hereafter referred to productspurchase data) to server 6 of carrier company 5 from I/O part 36 ofauthenticator 3. The sending method can be adopted among known methodsas appropriate such as attaching the products purchase data on a generalE-mail, sending the products purchase data directly, or the like.Controller 61 of server 6 performs a credit appraisal whether user 2 hasenough credit to purchase the products according to the productspurchase data received from authenticator 3 (S14). The credit appraisalcan take into consideration the payment history of call charges in thepast of user 2 stored in login authentication data table 70 (hereafterreferred to credit data), or can determine whether the amount goes ornot beyond an predetermined overlimit amount. Controller 61 of server 6sends the results of credit appraisal to terminal 8.

Terminal 8 confirms the results of credit appraisal received (S15). Ifcredit of user 2 is checked successfully, user 2 can get products fromsalesperson of retail store 7 or by transportation (S16). If, in stepS15, credit of user 2 is checked to be not enough to purchase theproducts, user 2 is notified the results by the information shown indisplay 83 of terminal 8, or information sent from the salesperson orthe like, causing user 2 to fail in the transaction.

Additionally, the results of credit appraisal checked at server 6 instep 14 are as aforementioned sent to terminal 8 of retail store 7 andto authenticator 3 of user 2 as well. Display 37 shows a transactionfinish window 17 as shown in FIG. 14B, notifying that products expenseis deducted from his/her account in the financial institutionimmediately or on a contracted settlement date (S17). Server 6 sends ademand for deduction to server 51 of financial institution 80. Thisallows user 2 to know that values of products he/she wants to purchaseare deducted from his/her account in financial institution 80. Needlessto say such configuration can be available that the values are chargedto user 2 later, adding with call charges of carrier company 5.

As mentioned above, the authenticator, server and authentication systemof the present invention can reduce risks of fraudulent acts such asspoofing or forgery of authentication data because user 2 takes his/hereye-images and produces his/her authentication data at register 9 ofbranch office 10 of carrier company 5 to start authentication system 1.Generally speaking, branch offices of carrier companies have a highsecurity.

Additionally, the authenticator, server and authentication system of thepresent invention can reduce occurrences of fraudulent acts against theauthentication system from authenticator 3 drastically becauseauthentication processor 60 is sent to authenticator 3 only afterauthentication system 1 is determined to start.

Moreover, the authenticator, server and authentication system of thepresent invention can provide the configuration with a high security,because authentication data are communicated between authenticator 3 andserver 6 using login authentication data 50 that is an encrypted form ofauthentication data, thereby disabling the data to use as authenticationdata if the data are stolen or copied during the communication.

Moreover, the authenticator, server and authentication system of thepresent invention can provide the configuration with a high security,because server 6 sends decrypter 43 to decrypt login authentication data50 to authenticator 3 only after authentication system 1 has started, oronly for highly credible user authenticated previously.

Additionally, the authenticator, server and authentication system of thepresent invention can provide the configuration with a high security,because authenticator 3 sends products purchasing data or demand forpayment to server 6, thereby disabling fictitious user 2 in retail store7 to forge products purchasing data.

Additionally, although iris data formed from encoded eye-images aredescribed as authentication data in the preferred embodiment, theauthenticator, server and authentication system of the present inventiondo not limit the authentication data to the iris data only. Knownbiometrics data such as fingerprint, eyeground vascular pattern, face orthe like can be used as authentication data.

INDUSTRIAL APPLICABILITY

The authentication system with authenticator, server, register andterminal has a configuration with a high security as no one can dofraudulent acts on the system easily even if using forgery of theauthenticator or retail store's system. The authenticator andauthentication system can be used for the principal authentication usingimages.

1. An authentication system comprising: an authenticator including: anauthentication processor to authenticate whether or not an authenticateeis a user previously registered; and a data output part to output anidentification data when the authenticatee is authenticated as the userpreviously registered; and a server including: a credit appraiser toappraise credit of the authenticatee according to the identificationdata output from the data output part; and an appraisal result outputpart to output a result in the credit appraiser.
 2. The authenticationsystem of claim 1, wherein the authenticator includes an image reader toinput an image data, and the authentication processor authenticates theauthenticatee according to the image data input from the image reader.3. The authentication system of claim 2, wherein an eye-image of theauthenticatee is used as the input image data and the authenticationprocessor includes: an authentication data producer to produce anauthentication data according to an iris pattern of the eye image of theauthenticatee; a storage to store a login authentication data; and acollator to collate the login authentication data with theauthentication data produced according to the eye image.
 4. Theauthentication system of claim 1, further comprising a terminalcomprising a terminal including an appraisal result input part to inputthe appraisal result output from the server.
 5. The authenticationsystem of claim 4, wherein the authenticator has a data input part toinput a data including a data on a product to be transacted, and theterminal has a data output part to output a data including a data on theproduct to be transacted to the data input part of the authenticator. 6.An authentication system comprising: a server including: a storage tostore a login authentication data of a user to be registered and anauthentication processor to execute a predetermined authenticationprocess; and a data output part to output the login authentication dataand the authentication processor; and an authenticator including: anauthentication data input part to input an authentication data of anauthenticatee; an data input part to input the login authentication dataand the authentication processor; and a processor to perform apredetermined processing using the authentication data, wherein theauthenticator reads the authentication processor input from the serverinto the processor to collate the authentication data of theauthenticatee with the login authentication data of the authenticateeusing the authentication processor read into the processor.
 7. Theauthentication system of claim 6, further comprising a register having alogin authentication data input part to input a login authenticationdata of the user to be registered and a login authentication data outputpart to output the login authentication data, wherein the serverincludes a data input part to input the login authentication data andthe authentication processor, the register outputs the loginauthentication data input into the login authentication input part fromthe data output part to the data input part of the server, and theserver stores the login authentication data input into the data inputpart in the storage.
 8. The authentication system of claim 6, whereinthe server includes an encrypter to encrypt the authentication processorand the login authentication data by a predetermined encrypting method;stores a decrypter to decrypt encrypted the authentication processor andthe login authentication data in the storage; and outputs the decrypterand encrypted the authentication processor and the login authenticationdata; and the authenticator decrypts the authentication processor andthe login authentication data input into the data input part by thedecrypter.
 9. An authentication system comprising: a register includinga login authentication data input part to input a login authenticationdata of an authenticatee and a login authentication data output part tooutput the login authentication data; an authenticator including anauthentication data input part, data I/O part to input/output a certaindata, and a processor to perform a predetermined processing using theauthentication data; a server including a data input part to input anidentification data of the authenticatee from the authenticator and toinput the login authentication data from the register, a storage tostore the login authentication data and an authentication processor toperform a predetermined authentication processing, a credit appraiser toappraise a credit of the authenticatee using the identification data;and a terminal including an appraisal result input part to input theappraisal result output from the server, wherein the authenticator readsthe authentication processor input from the server into the processor tocollate the authentication data of the authenticatee with the loginauthentication data by the authentication processor, then outputs theidentification data of the authenticatee to the server when theauthenticatee is authenticated as a user registered previously; theserver appraises credit of the authenticatee in the credit appraiser tooutput a result of the appraisal to the terminal.
 10. An authenticatorcomprising: an image reader to input an image; an authentication dataproducer to produce an authentication data out of the image; a collatorto collate the authentication data with another authentication data; adata input part to input a data including a login authentication data;and a processor to perform a predetermined processing using the datainput from the data input part and the image, wherein the processorreads the authentication data producer and the collator from the datainput part for the authentication data producer to produce theauthentication data correspondent to the image, and the collator checksto compare the login authentication data with the authentication datacorrespondent to the image.
 11. The authenticator of claim 10, whereinthe login authentication data is encrypted; the data input part inputs adecrypter to decrypt the login authentication data; and the collatorchecks to compare the login authentication data decrypted by thedecrypter with the authentication data correspondent to the image. 12.The authenticator of 10, wherein the image is an eye-image of theauthenticatee, and the authentication data producer produces theauthentication data according to an iris pattern of the eye-image of theauthenticatee.
 13. A server comprising: a data input part to input dataincluding an authentication data; an encrypter to encrypt theauthentication data for a login authentication data; a storage to storethe login authentication data; and a data output part to output datastored in the storage.
 14. The server of claim 13, wherein the storagestores: an authentication data producer to produce an authenticationdata using an image, a collator to collate the authentication data withanother authentication data, and a decrypter to decrypt the loginauthentication data.
 15. A register comprising: an image reader to inputan image of a user to be registered; an authentication data producer toproduce a certain authentication data using the image; an individualdata input part to input an individual data of the user to beregistered; and a data output part to output the authentication data andthe individual data.
 16. The register of claim 15, wherein the image isan eye-image of the user to be registered, and the authentication dataproducer produces the authentication data according to an iris patternof the eye-image of the user to be registered.
 17. A terminalcomprising: an appraisal result input part to input a credit appraisalof a user to purchase a product; and a data output part to output a dataincluding a data showing whether or not the product is accepted to bepurchased based on a result of the credit appraisal.
 18. The terminal ofclaim 17, wherein the data output part outputs the data including thedata showing whether or not the product is accepted to be purchasedusing an infrared ray.
 19. The authentication system of claim 7, whereinthe server includes an encrypter to encrypt the authentication processorand the login authentication data by a predetermined encrypting method;stores a decrypter to decrypt encrypted the authentication processor andthe login authentication data in the storage; and outputs the decrypterand encrypted the authentication processor and the login authenticationdata; and the authenticator decrypts the authentication processor andthe login authentication data input into the data input part by thedecrypter.
 20. The authenticator of claim 11, wherein the image is aneye-image of the authenticatee, and the authentication data producerproduces the authentication data according to an iris pattern of theeye-image of the authenticatee.